package cn.dlc.com.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

/**
 * @Author: dlc
 * @Date: 2021/11/25 - 14:23
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true, securedEnabled=true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    // 授权码模式下的授权码如何存取，暂时是用内存方式
    @Bean
    public AuthorizationCodeServices authorizationCodeServices(){
        return new InMemoryAuthorizationCodeServices();
    }

    // 认证管理器(这个地方命名很讲究，authenticationManagerBean，必须叫这个！！)
    // 因为super里面也是这样写的。
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception{
        return super.authenticationManagerBean();
    }


    // 内存里面放两个人
    @Bean
    public UserDetailsService userDetailsService(){
        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
        // 内存里面创建了两个人
        userDetailsManager.createUser(User.withUsername("jack").password("$2a$10$ISlyS1jZxl.OOsBclQ5ZgeG5mlicwYGzr3NEO4z3OeHtLB/IpPnKu").authorities("p1").build());
        userDetailsManager.createUser(User.withUsername("rose").password("$2a$10$ISlyS1jZxl.OOsBclQ5ZgeG5mlicwYGzr3NEO4z3OeHtLB/IpPnKu").authorities("p2").build());
        return userDetailsManager;
    }


    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                // 这个没必要
                // .antMatchers("/user/r/r1").hasAuthority("p1")
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and().formLogin();
        ;
    }

    /**
     * 绑定数据库，但是不配置貌似也可以
     * @param auth
     * @throws Exception
     */
   /* @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }*/
}
